diff --git a/Berksfile b/Berksfile index 80f3add5..495382f4 100644 --- a/Berksfile +++ b/Berksfile @@ -6,3 +6,6 @@ cookbook 'openstack-identity', github: 'openstack/cookbook-openstack-identity' cookbook 'openstack-common', github: 'openstack/cookbook-openstack-common' +cookbook "openstackclient", + github: "cloudbau/cookbook-openstackclient" + diff --git a/README.md b/README.md index ca95b9bd..bafb46ac 100644 --- a/README.md +++ b/README.md @@ -35,6 +35,7 @@ The following cookbooks are dependencies: - 'openstack-common', '>= 14.0.0' - 'openstack-identity', '>= 14.0.0' +- 'openstackclient', '>= 0.1.0' Attributes ========== diff --git a/attributes/default.rb b/attributes/default.rb index 23998db5..d6e12375 100644 --- a/attributes/default.rb +++ b/attributes/default.rb @@ -37,7 +37,7 @@ default['openstack']['bind_service']['all']['network']['port'] = 9696 # config) default['openstack']['network']['syslog']['use'] = false # Name of the plugin to load -default['openstack']['network']['identity-api']['auth']['version'] = 'v2.0' +default['openstack']['network']['identity-api']['auth']['version'] = 'v3' # Set dbsync command timeout value default['openstack']['network']['dbsync_timeout'] = 3600 # Specify policy.json remote filwe to import @@ -261,7 +261,7 @@ default['openstack']['network']['platform'].tap do |platform| '' when 'debian' platform['neutron_packages'] = - %w(neutron-common python-pyparsing python-cliff) + %w(neutron-common) platform['neutron_client_packages'] = %w(python-neutronclient python-pyparsing) platform['neutron_dhcp_packages'] = @@ -274,7 +274,7 @@ default['openstack']['network']['platform'].tap do |platform| platform['neutron_lbaas_packages'] = %w(python-neutron-lbaas neutron-lbaas-agent haproxy) platform['neutron_openvswitch_packages'] = - %w(openvswitch-switch openvswitch-datapath-dkms bridge-utils) + %w(openvswitch-switch bridge-utils) platform['neutron_openvswitch_build_packages'] = %w( build-essential pkg-config fakeroot 
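Review bot: The new `cookbook "openstackclient"` entry in the Berksfile pulls from `cloudbau/cookbook-openstackclient` with no `ref:` or `tag:`. Unless a committed Berksfile.lock pins it, every resolve takes whatever is on that repository's default branch. That matters here because recipes/identity_registration.rb in this commit passes the Keystone admin credentials to this cookbook's resources. Pin it to a reviewed commit, e.g. `cookbook 'openstackclient', github: 'cloudbau/cookbook-openstackclient', ref: '<reviewed-commit-sha>'` (placeholder value). The entry also uses double quotes where the neighbouring entries use single quotes.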
diff --git a/attributes/neutron_conf.rb b/attributes/neutron_conf.rb index aafdcec7..a4949d85 100644 --- a/attributes/neutron_conf.rb +++ b/attributes/neutron_conf.rb @@ -19,16 +19,20 @@ default['openstack']['network']['conf'].tap do |conf| end # [keystone_authtoken] section - conf['keystone_authtoken']['auth_type'] = 'v2password' + conf['keystone_authtoken']['auth_type'] = 'v3password' conf['keystone_authtoken']['region_name'] = node['openstack']['region'] conf['keystone_authtoken']['username'] = 'neutron' - conf['keystone_authtoken']['tenant_name'] = 'service' - + conf['keystone_authtoken']['user_domain_name'] = 'Default' + conf['keystone_authtoken']['project_domain_name'] = 'Default' + conf['keystone_authtoken']['project_name'] = 'service' + conf['keystone_authtoken']['auth_version'] = 'v3' # [nova] section - conf['nova']['auth_type'] = 'v2password' + conf['nova']['auth_type'] = 'v3password' conf['nova']['region_name'] = node['openstack']['region'] conf['nova']['username'] = 'nova' - conf['nova']['tenant_name'] = 'service' + conf['nova']['user_domain_name'] = 'Default' + conf['nova']['project_name'] = 'service' + conf['nova']['project_domain_name'] = 'Default' # [oslo_concurrency] section conf['oslo_concurrency']['lock_path'] = '/var/lib/neutron/lock' diff --git a/metadata.rb b/metadata.rb index 9d6eae85..1ed18ebc 100644 --- a/metadata.rb +++ b/metadata.rb @@ -15,3 +15,4 @@ end depends 'openstack-common', '>= 14.0.0' depends 'openstack-identity', '>= 14.0.0' +depends 'openstackclient' diff --git a/recipes/default.rb b/recipes/default.rb index 282f9e31..ac25c984 100644 --- a/recipes/default.rb +++ b/recipes/default.rb 
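Review bot: `depends 'openstackclient'` in metadata.rb has no version constraint, although the README hunk in this commit documents `'openstackclient', '>= 0.1.0'` and both neighbouring `depends` lines state one. Write `depends 'openstackclient', '>= 0.1.0'` so that metadata and README agree and an older, incompatible cookbook cannot satisfy the dependency.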
@@ -85,11 +85,7 @@ if node['openstack']['network']['conf']['DEFAULT']['rpc_backend'] == 'rabbit' end identity_public_endpoint = public_endpoint 'identity' -auth_url = - auth_uri_transform( - identity_public_endpoint.to_s, - node['openstack']['network']['identity-api']['auth']['version'] - ) +auth_url = identity_public_endpoint.to_s db_user = node['openstack']['db']['network']['username'] db_pass = get_password 'db', 'neutron' diff --git a/recipes/identity_registration.rb b/recipes/identity_registration.rb index f79c67f1..fb70fb7b 100644 --- a/recipes/identity_registration.rb +++ b/recipes/identity_registration.rb 
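Review bot: `auth_url = identity_public_endpoint.to_s` no longer reads `node['openstack']['network']['identity-api']['auth']['version']`, yet attributes/default.rb in this commit still changes that attribute to `'v3'`. If nothing else reads it (not visible in this hunk), the attribute is dead and an operator override will have no effect. The updated spec expects `auth_url` to end in `/v3`, so the version presumably now comes from the identity endpoint itself. Either remove the attribute or add a comment here such as `# identity endpoint URI already carries the API version; no auth_uri_transform needed`.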
@@ -28,68 +28,80 @@ end identity_admin_endpoint = admin_endpoint 'identity' -bootstrap_token = get_password 'token', 'openstack_identity_bootstrap_token' -auth_uri = ::URI.decode identity_admin_endpoint.to_s +auth_url = ::URI.decode identity_admin_endpoint.to_s -admin_api_endpoint = admin_endpoint 'network' -public_api_endpoint = public_endpoint 'network' -internal_api_endpoint = internal_endpoint 'network' +interfaces = { + public: { url: public_endpoint('network') }, + internal: { url: internal_endpoint('network') }, + admin: { url: admin_endpoint('network') } +} service_pass = get_password 'service', 'openstack-network' service_tenant_name = - node['openstack']['network']['conf']['keystone_authtoken']['tenant_name'] + node['openstack']['network']['conf']['keystone_authtoken']['project_name'] service_user = node['openstack']['network']['conf']['keystone_authtoken']['username'] service_role = node['openstack']['network']['service_role'] +service_domain_name = node['openstack']['network']['conf']['keystone_authtoken']['user_domain_name'] +admin_user = node['openstack']['identity']['admin_user'] +admin_pass = get_password 'user', node['openstack']['identity']['admin_user'] +admin_project = node['openstack']['identity']['admin_project'] +admin_domain = node['openstack']['identity']['admin_domain_name'] +region = node['openstack']['region'] -openstack_identity_register 'Register Network API Service' do - auth_uri auth_uri - bootstrap_token bootstrap_token - service_name node['openstack']['network']['service_name'] - service_type node['openstack']['network']['service_type'] - service_description 'OpenStack Network Service' +# Do not configure a service/endpoint in keystone for heat-api-cloudwatch(Bug #1167927), +# See discussions on https://bugs.launchpad.net/heat/+bug/1167927 - action :create_service +connection_params = { + openstack_auth_url: "#{auth_url}/auth/tokens", + openstack_username: admin_user, + openstack_api_key: admin_pass, + openstack_project_name: 
admin_project, + openstack_domain_name: admin_domain +} + +# Register Network Service +openstack_service 'neutron' do + type 'network' + connection_params connection_params end -openstack_identity_register 'Register Network Endpoint' do - auth_uri auth_uri - bootstrap_token bootstrap_token - service_type node['openstack']['network']['service_type'] - endpoint_region node['openstack']['network']['region'] - endpoint_adminurl admin_api_endpoint.to_s - endpoint_internalurl internal_api_endpoint.to_s - endpoint_publicurl public_api_endpoint.to_s - - action :create_endpoint +# Register Network Public-Endpoint +interfaces.each do |interface, res| + # Register network Endpoints + openstack_endpoint 'network' do + service_name 'neutron' + interface interface.to_s + url res[:url].to_s + region region + connection_params connection_params + end +end +# Register Service Tenant +openstack_project service_tenant_name do + connection_params connection_params end -openstack_identity_register 'Register Service Tenant' do - auth_uri auth_uri - bootstrap_token bootstrap_token - tenant_name service_tenant_name - tenant_description 'Service Tenant' - - action :create_tenant -end - -openstack_identity_register "Register #{service_user} User" do - auth_uri auth_uri - bootstrap_token bootstrap_token - tenant_name service_tenant_name - user_name service_user - user_pass service_pass - - action :create_user -end - -openstack_identity_register "Grant '#{service_role}' Role to #{service_user} User for #{service_tenant_name} Tenant" do - auth_uri auth_uri - bootstrap_token bootstrap_token - tenant_name service_tenant_name - user_name service_user +# Register Service User +openstack_user service_user do + project_name service_tenant_name role_name service_role + password service_pass + connection_params connection_params +end +## Grant Service role to Service User for Service Tenant ## +openstack_user service_user do + role_name service_role + project_name service_tenant_name + 
connection_params connection_params action :grant_role end + +openstack_user service_user do + domain_name service_domain_name + role_name service_role + connection_params connection_params + action :grant_domain +end diff --git a/spec/default_spec.rb b/spec/default_spec.rb index 357425bc..29843f02 100644 --- a/spec/default_spec.rb +++ b/spec/default_spec.rb @@ -15,7 +15,7 @@ describe 'openstack-network' do expect(chef_run).to include_recipe('openstack-network::client') end - %w(neutron-common python-pyparsing python-cliff python-mysqldb).each do |package| + %w(neutron-common python-pyparsing python-mysqldb).each do |package| it do expect(chef_run).to upgrade_package(package) end @@ -114,11 +114,13 @@ describe 'openstack-network' do end end [ - /^tenant_name = service$/, + /^project_name = service$/, /^username = neutron$/, - %r{^auth_url = http://127\.0\.0\.1:5000/v2\.0$}, + /^user_domain_name = Default/, + /^project_domain_name = Default/, + %r{^auth_url = http://127\.0\.0\.1:5000/v3$}, /^password = neutron-pass$/, - /^auth_type = v2password$/ + /^auth_type = v3password$/ ].each do |line| it do expect(chef_run).to render_config_file(file.name) @@ -127,10 +129,12 @@ describe 'openstack-network' do end [ /^region_name = RegionOne$/, - /^auth_type = v2password$/, - %r{^auth_url = http://127\.0\.0\.1:5000/v2\.0$}, + /^auth_type = v3password$/, + %r{^auth_url = http://127\.0\.0\.1:5000/v3$}, /^username = nova$/, - /^tenant_name = service$/ + /^user_domain_name = Default/, + /^project_domain_name = Default/, + /^project_name = service$/ ].each do |line| it do expect(chef_run).to render_config_file(file.name) diff --git a/spec/identity_registration_spec.rb b/spec/identity_registration_spec.rb index 6d493c1b..f1c4bee7 100644 --- a/spec/identity_registration_spec.rb +++ b/spec/identity_registration_spec.rb 
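Review bot: The last `openstack_user service_user` block, with `action :grant_domain`, gives the service user `service_role` on the whole `service_domain_name` domain, where the removed code granted the role only on the service tenant. The spec in this commit shows the values are `admin` on `Default`, so unless Neutron needs a domain-scoped role this resource should be dropped or gated behind an attribute. `connection_params` also carries the admin password (`openstack_api_key: admin_pass`) into every resource, and `password service_pass` sits on the user resource. Adding `sensitive true` to these resources would keep the values out of Chef's resource dump on failure; whether the openstackclient cookbook already does this is not visible here. The comment about heat-api-cloudwatch and Bug #1167927 looks copied from another cookbook and should be removed.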
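Review bot: The added patterns `/^user_domain_name = Default/` and `/^project_domain_name = Default/` have no trailing `$`, unlike every other pattern in these lists, so a rendered value such as `Default2` would still pass. Use `/^user_domain_name = Default$/` and `/^project_domain_name = Default$/` in both the keystone_authtoken list (hunk at -114) and the nova list (hunk at -127). Neither list asserts the `auth_version = v3` line that attributes/neutron_conf.rb now adds to `[keystone_authtoken]`.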
@@ -13,160 +13,85 @@ describe 'openstack-network::identity_registration' do include_context 'neutron-stubs' - it 'registers network service' do - expect(chef_run).to create_service_openstack_identity_register( - 'Register Network API Service' + connection_params = { + openstack_auth_url: 'http://127.0.0.1:35357/v3/auth/tokens', + openstack_username: 'admin', + openstack_api_key: 'admin-pass', + openstack_project_name: 'admin', + openstack_domain_name: 'default' + } + service_name = 'neutron' + service_type = 'network' + service_user = 'neutron' + url = 'http://127.0.0.1:9696' + region = 'RegionOne' + project_name = 'service' + role_name = 'admin' + password = 'neutron-pass' + domain_name = 'Default' + + it "registers #{project_name} Project" do + expect(chef_run).to create_openstack_project( + project_name ).with( - auth_uri: 'http://127.0.0.1:35357/v2.0', - bootstrap_token: 'bootstrap-token', - service_type: 'network', - service_description: 'OpenStack Network Service' + connection_params: connection_params ) end - context 'registers network endpoint' do - it 'with default values' do - expect(chef_run).to create_endpoint_openstack_identity_register( - 'Register Network Endpoint' - ).with( - auth_uri: 'http://127.0.0.1:35357/v2.0', - bootstrap_token: 'bootstrap-token', - service_type: 'network', - endpoint_region: 'RegionOne', - endpoint_adminurl: 'http://127.0.0.1:9696', - endpoint_internalurl: 'http://127.0.0.1:9696', - endpoint_publicurl: 'http://127.0.0.1:9696' - ) - end - - it 'with different admin url values' do - admin_url = 'https://admin.host:123/admin_path' - general_url = 'http://general.host:456/general_path' - - # Set the general endpoint - node.set['openstack']['endpoints']['internal']['network']['uri'] = general_url - node.set['openstack']['endpoints']['public']['network']['uri'] = general_url - # Set the admin endpoint override - node.set['openstack']['endpoints']['admin']['network']['uri'] = admin_url - expect(chef_run).to 
create_endpoint_openstack_identity_register( - 'Register Network Endpoint' - ).with( - auth_uri: 'http://127.0.0.1:35357/v2.0', - bootstrap_token: 'bootstrap-token', - service_type: 'network', - endpoint_region: 'RegionOne', - endpoint_adminurl: admin_url, - endpoint_internalurl: general_url, - endpoint_publicurl: general_url - ) - end - - it 'with different public url values' do - public_url = 'https://public.host:789/public_path' - general_url = 'http://general.host:456/general_path' - - # Set the general endpoint - node.set['openstack']['endpoints']['internal']['network']['uri'] = general_url - # Set the public endpoint override - node.set['openstack']['endpoints']['public']['network']['uri'] = public_url - node.set['openstack']['endpoints']['admin']['network']['uri'] = general_url - expect(chef_run).to create_endpoint_openstack_identity_register( - 'Register Network Endpoint' - ).with( - auth_uri: 'http://127.0.0.1:35357/v2.0', - bootstrap_token: 'bootstrap-token', - service_type: 'network', - endpoint_region: 'RegionOne', - endpoint_adminurl: general_url, - endpoint_internalurl: general_url, - endpoint_publicurl: public_url - ) - end - - it 'with different internal url values' do - internal_url = 'http://internal.host:456/internal_path' - general_url = 'http://general.host:456/general_path' - - # Set the general endpoint - node.set['openstack']['endpoints']['admin']['network']['uri'] = general_url - # Set the internal endpoint override - node.set['openstack']['endpoints']['internal']['network']['uri'] = internal_url - node.set['openstack']['endpoints']['public']['network']['uri'] = general_url - expect(chef_run).to create_endpoint_openstack_identity_register( - 'Register Network Endpoint' - ).with( - auth_uri: 'http://127.0.0.1:35357/v2.0', - bootstrap_token: 'bootstrap-token', - service_type: 'network', - endpoint_region: 'RegionOne', - endpoint_adminurl: general_url, - endpoint_internalurl: internal_url, - endpoint_publicurl: general_url - ) - end - - it 
'with different internal,public, and admin url values' do - admin_url = 'https://admin.host:123/admin_path' - internal_url = 'http://internal.host:456/internal_path' - public_url = 'https://public.host:789/public_path' - - node.set['openstack']['endpoints']['internal']['network']['uri'] = internal_url - node.set['openstack']['endpoints']['public']['network']['uri'] = public_url - node.set['openstack']['endpoints']['admin']['network']['uri'] = admin_url - - expect(chef_run).to create_endpoint_openstack_identity_register( - 'Register Network Endpoint' - ).with( - auth_uri: 'http://127.0.0.1:35357/v2.0', - bootstrap_token: 'bootstrap-token', - service_type: 'network', - endpoint_region: 'RegionOne', - endpoint_adminurl: admin_url, - endpoint_internalurl: internal_url, - endpoint_publicurl: public_url - ) - end - it 'with custom region override' do - node.set['openstack']['network']['region'] = 'netRegion' - - expect(chef_run).to create_endpoint_openstack_identity_register( - 'Register Network Endpoint' - ).with(endpoint_region: 'netRegion') - end + it "registers #{service_name} service" do + expect(chef_run).to create_openstack_service( + service_name + ).with( + connection_params: connection_params, + type: service_type + ) end - it 'registers service tenant' do - expect(chef_run).to create_tenant_openstack_identity_register( - 'Register Service Tenant' - ).with( - auth_uri: 'http://127.0.0.1:35357/v2.0', - bootstrap_token: 'bootstrap-token', - tenant_name: 'service', - tenant_description: 'Service Tenant' - ) + context "registers #{service_name} endpoint" do + %w(admin internal public).each do |interface| + it "#{interface} endpoint with default values" do + expect(chef_run).to create_openstack_endpoint( + service_type + ).with( + service_name: service_name, + # interface: interface, + url: url, + region: region, + connection_params: connection_params + ) + end + end end it 'registers service user' do - expect(chef_run).to create_user_openstack_identity_register( - 
'Register neutron User' + expect(chef_run).to create_openstack_user( + service_user ).with( - auth_uri: 'http://127.0.0.1:35357/v2.0', - bootstrap_token: 'bootstrap-token', - tenant_name: 'service', - user_name: 'neutron', - user_pass: 'neutron-pass' + project_name: project_name, + role_name: role_name, + password: password, + connection_params: connection_params ) end - it 'grants admin role to service user for service tenant' do - expect(chef_run).to grant_role_openstack_identity_register( - "Grant 'admin' Role to neutron User for service Tenant" + it do + expect(chef_run).to grant_domain_openstack_user( + service_user ).with( - auth_uri: 'http://127.0.0.1:35357/v2.0', - bootstrap_token: 'bootstrap-token', - tenant_name: 'service', - role_name: 'admin', - user_name: 'neutron' + domain_name: domain_name, + role_name: role_name, + connection_params: connection_params + ) + end + + it do + expect(chef_run).to grant_role_openstack_user( + service_user + ).with( + project_name: project_name, + role_name: role_name, + password: password, + connection_params: connection_params ) end end diff --git a/spec/openvswitch_spec.rb b/spec/openvswitch_spec.rb index 31c81486..659016ea 100644 --- a/spec/openvswitch_spec.rb +++ b/spec/openvswitch_spec.rb @@ -13,10 +13,6 @@ describe 'openstack-network::openvswitch' do expect(chef_run).to upgrade_package 'openvswitch-switch' end - it 'upgrades openvswitch datapath dkms' do - expect(chef_run).to upgrade_package 'openvswitch-datapath-dkms' - end - it 'upgrades linux bridge utils' do expect(chef_run).to upgrade_package 'bridge-utils' end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 98cff805..49fdfffd 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb 
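Review bot: In the endpoint examples `interface: interface` is commented out, so the three generated examples for admin, internal and public assert exactly the same thing, and none proves that each interface is registered with its own URL. Restore `interface: interface` in the `.with(...)`, and bring back at least one example that sets distinct `node.set['openstack']['endpoints'][...]['network']['uri']` values, because the removed override and custom-region examples leave that behaviour untested. The `grant_role` example expects `password: password`, but the `:grant_role` resource in recipes/identity_registration.rb sets no password, so the expectation presumably passes only because same-named resources are cloned. The last two `it do` blocks should carry descriptions such as `it 'grants admin role to service user for service project' do`.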
@@ -45,6 +45,9 @@ shared_context 'neutron-stubs' do allow_any_instance_of(Chef::Recipe).to receive(:get_password) .with('service', 'openstack-compute') .and_return('nova-pass') + allow_any_instance_of(Chef::Recipe).to receive(:get_password) + .with('user', 'admin') + .and_return('admin-pass') end shared_examples 'custom template banner displayer' do it 'shows the custom banner' do